Chen Yan,Hocheol Shin,Connor Bolton,Wenyuan Xu,Yongdae Kim,Kevin Fu

DOI: https://doi.org/10.1109/sp40000.2020.00026

2020-01-01

Abstract:Over the last six years, several papers demonstrated how intentional analog interference based on acoustics, RF, lasers, and other physical modalities could induce faults, influence, or even control the output of sensors. Damage to the availability and integrity of sensor output carries significant risks to safety-critical systems that make automated decisions based on trusted sensor measurement. Established signal processing models use transfer functions to express reliability and dependability characteristics of sensors, but existing models do not provide a deliberate way to express and capture security properties meaningfully. Our work begins to fill this gap by systematizing knowledge of analog attacks against sensor circuitry and defenses. Our primary contribution is a simple sensor security model such that sensor engineers can better express analog security properties of sensor circuitry without needing to learn significantly new notation. Our model introduces transfer functions and a vector of adversarial noise to represent adversarial capabilities at each stage of a sensor's signal conditioning chain. The primary goals of the systematization are (1) to enable more meaningful quantification of risk for the design and evaluation of past and future sensors, (2) to better predict new attack vectors, and (3) to establish defensive design patterns that make sensors more resistant to analog attacks.

Nikhil Patnaik,Joseph Hallett,Awais Rashid

2024-07-08

Abstract:Writing secure code is challenging and so it is expected that, following the release of code-generative AI tools, such as ChatGPT and GitHub Copilot, developers will use these tools to perform security tasks and use security APIs. However, is the code generated by ChatGPT secure? How would the everyday software or security engineer be able to tell? As we approach the next decade we expect a greater adoption of code-generative AI tools and to see developers use them to write secure code. In preparation for this, we need to ensure security-by-design. In this paper, we look back in time to Saltzer & Schroeder's security design principles as they will need to evolve and adapt to the challenges that come with a world of AI-generated code.

Software Engineering

Ankur Shukla,Basel Katt,Livinus Obiora Nweke,Prosper Kandabongee Yeng,Goitom Kahsay Weldehawaryat

DOI: https://doi.org/10.1016/j.cosrev.2022.100496

2022-07-29

Abstract:System security assurance provides the confidence that security features, practices, procedures, and architecture of software systems mediate and enforce the security policy and are resilient against security failure and attacks. Alongside the significant benefits of security assurance, the evolution of new information and communication technology (ICT) introduces new challenges regarding information protection. Security assurance methods based on the traditional tools, techniques, and procedures may fail to account new challenges due to poor requirement specifications, static nature, and poor development processes. The common criteria (CC) commonly used for security evaluation and certification process also comes with many limitations and challenges. In this paper, extensive efforts have been made to study the state-of-the-art, limitations and future research directions for security assurance of the ICT and cyber-physical systems (CPS) in a wide range of domains. We conducted a systematic review of requirements, processes, and activities involved in system security assurance including security requirements, security metrics, system and environments and assurance methods. We highlighted the challenges and gaps that have been identified by the existing literature related to system security assurance and corresponding solutions. Finally, we discussed the limitations of the present methods and future research directions.

Cryptography and Security,Software Engineering

Jun Zhu,Bill Chu,Heather Richter Lipford,Tyler Thomas

DOI: https://doi.org/10.1145/2752952.2752976

2015-01-01

Abstract:ABSTRACTAccess control vulnerabilities due to programming errors have consistently ranked amongst top software vulnerabilities. Previous research efforts have concentrated on using automatic program analysis techniques to detect access control vulnerabilities in applications. We report a comparative study of six open source PHP applications, and find that implicit assumptions of previous research techniques can significantly limit their effectiveness. We propose a more effective hybrid approach to mitigate access control vulnerabilities. Developers are reminded in-situ of potential access control vulnerabilities, where self-review of code can help them discover mistakes. Additionally, developers are prompted for application-specific access control knowledge, providing samples of code that could be thought of as static analysis by example. These examples are turned into code patterns that can be used in performing static analysis to detect additional access control vulnerabilities and alert the developer to take corrective actions. Our evaluation of six open source applications detected 20 zero-day access control vulnerabilities in addition to finding all access control vulnerabilities detected in previous works.

Jos Wetzels,Daniel dos Santos,Mohammad Ghafari

DOI: https://doi.org/10.1145/3576914.3587485

2023-03-22

Abstract:We inspected 45 actively deployed Operational Technology (OT) product families from ten major vendors and found that every system suffers from at least one trivial vulnerability. We reported a total of 53 weaknesses, stemming from insecure by design practices or basic security design failures. They enable attackers to take a device offline, manipulate its operational parameters, and execute arbitrary code without any constraint. We discuss why vulnerable products are often security certified and appear to be more secure than they actually are, and we explain complicating factors of OT risk management.

Cryptography and Security

Ashvini A Kulshrestha,Guanqun Song,Ting Zhu

DOI: https://doi.org/10.48550/arXiv.2312.15150

2023-12-23

Abstract:The year 2022 saw a significant increase in Microsoft vulnerabilities, reaching an all-time high in the past decade. With new vulnerabilities constantly emerging, there is an urgent need for proactive approaches to harden systems and protect them from potential cyber threats. This project aims to investigate the vulnerabilities of the Windows Operating System and explore the effectiveness of key security features such as BitLocker, Microsoft Defender, and Windows Firewall in addressing these threats. To achieve this, various security threats are simulated in controlled environments using coded examples, allowing for a thorough evaluation of the security solutions' effectiveness. Based on the results, this study will provide recommendations for mitigation strategies to enhance system security and strengthen the protection provided by Windows security features. By identifying potential weaknesses and areas of improvement in the Windows security infrastructure, this project will contribute to the development of more robust and resilient security solutions that can better safeguard systems against emerging cyber threats.

Cryptography and Security

Shiang-Jiun Chen,Chin-Shen Fang,Tzu-Yun Wang,I-Wei Chiang

DOI: https://doi.org/10.1109/ICKII58656.2023.10332769

2023-08-11

Abstract:Under the Software-Defined Networking (SDN) framework, Low Earth Orbit (LEO) operates with its multiple architectures, including Cross-Domain Controller Architecture, Inter-Domain Controller Architecture, and so on. For cross-domain controller structure, the security of the east-west protocol is considered, including the protocols and sources in its secure design. For the inter-domain controller, the south-north bound protocol and software are used. we proposed a method to build a treatment model to provide a mechanism for the abnormal behavior. On these two architectures, we employed a series of security analysis methods and countermeasures. Regarding the security analysis methods, we used software composite analysis (SCA), static application security testing (SAST), and dynamic application security testing (DAST) to assess the potential threats and attack vectors, and then build a threat model. East-west and south-north (application layer) protocols were considered in building the threat model. With this model, the monitor mechanism was established for the abnormal activities. The security performance was evaluated.

Engineering,Computer Science

Patrick Stöckle,Michael Sammereier,Bernd Grobauer,Alexander Pretschner

DOI: https://doi.org/10.1109/AST58925.2023.00013

2023-03-10

Abstract:Insecure default values in software settings can be exploited by attackers to compromise the system that runs the software. As a countermeasure, there exist security-configuration guides specifying in detail which values are secure. However, most administrators still refrain from hardening existing systems because the system functionality is feared to deteriorate if secure settings are applied. To foster the application of security-configuration guides, it is necessary to identify those rules that would restrict the functionality. This article presents our approach to use combinatorial testing to find problematic combinations of rules and machine learning techniques to identify the problematic rules within these combinations. The administrators can then apply only the unproblematic rules and, therefore, increase the system's security without the risk of disrupting its functionality. To demonstrate the usefulness of our approach, we applied it to real-world problems drawn from discussions with administrators at Siemens and found the problematic rules in these cases. We hope that this approach and its open-source implementation motivate more administrators to harden their systems and, thus, increase their systems' general security.

Software Engineering

Antigoni Kruti,Usman Butt,Rejwan Bin Sulaiman

2023-09-05

Abstract:This paper of work examines the SolarWinds attack, designed on Orion Platform security incident. It analyses the persistent threats agents and potential technical attack techniques to gain unauthorized access. In 2020 SolarWinds attack indicates an initial breach disclosure on Orion Platform software by malware distribution on IT and government organizations such as Homeland Security, Microsoft and Intel associated with supply chains leaks consequences from small loopholes in security systems. Hackers increased the number of infected company and businesses networks during the supply-chain attack, hackers were capable to propagate the attack by using a VMware exploit. On the special way they started to target command injections, privilege escalations, and use after free platforms of VMware. In this way, they gained access to Virtual Machines and in the east way pivot other servers. This literature review aim to analyze the security gap regarding to SolarWinds incident on Orion Platform, the impact on industry and financial sectors involving the elements of incident response plan. Therefore, this research paper ensures specifications of proper solutions for possible defense security systems by analyzing a SolarWinds attack case study via system evaluation and monitoring. It concludes with necessary remediation actions on cyber hygiene countermeasures, common vulnerabilities and exposure analysis and solutions.

Computational Engineering, Finance, and Science,Cryptography and Security

Brooklynn Stone,T. Cerný,Connor Woodahl,Karel Frajták,Miroslav Bures,Pavel Tisnovsky,John E. Raffety,J. Svacina,Dongwan Shin

DOI: https://doi.org/10.1145/3400286.3418261

2020-10-13

Abstract:Log analysis is a technique of deriving knowledge from log files containing records of events in a computer system. A common application of log analysis is to derive critical information about a system's security issues and intrusions, which subsequently leads to being able to identify and potentially stop intruders attacking the system. However, many systems produce a high volume of log data with high frequency, posing serious challenges in analysis. This paper contributes with a systematic literature review and discusses current trends, advancements, and future directions in log security analysis within the past decade. We summarized current research strategies with respect to technology approaches from 34 current publications. We identified limitations that poses challenges to future research and opened discussion on issues towards logging mechanism in the software systems. Findings of this study are relevant for software systems as well as software parts of the Internet of Things (IoT) systems.

Computer Science,Engineering

Jinsheng Sun,Shaobo Li,Jun Xu,Jikun Huang

DOI: https://doi.org/10.48550/arxiv.2204.12590

2022-01-01

Abstract:This paper presents a systematic study on the security of modern file systems, following a vulnerability-centric perspective. Specifically, we collected 377 file system vulnerabilities committed to the CVE database in the past 20 years. We characterize them from four dimensions that include why the vulnerabilities appear, how the vulnerabilities can be exploited, what consequences can arise, and how the vulnerabilities are fixed. This way, we build a deep understanding of the attack surfaces faced by file systems, the threats imposed by the attack surfaces, and the good and bad practices in mitigating the attacks in file systems. We envision that our study will bring insights towards the future development of file systems, the enhancement of file system security, and the relevant vulnerability mitigating solutions.

Lirong Dai,Kendra Cooper

2007-01-01

Abstract:There has been a growing interest in investigating methodologies to support the development of secure sys- tems in the software engineering research community. Re- cently, much attention has been focused on the modelling and analysis of security properties for systems at the soft- ware architecture design level. The potential benefits of this architecture level work are substantial: security flaws can be detected and removed earlier in the software de- velopment life-cycle. This reduces development time, re- duces development cost, and improves the quality of the resulting system. As a result of this attention, a wide variety of approaches have been proposed in the literature. At this point, a sur- vey for researchers involved in the problem of systemat- ically modelling and analyzing software architecture de- sign that have security properties would be of value to the community. This paper presents such a survey; it includes a discussion of semi-formal, formal, integrated semi-formal and formal, and aspect-oriented approaches. Comparison criteria are defined including: the kinds of notations used to model the security properties (e.g., Petri nets, temporal logic, etc.), whether the approach supports the manual or automated analysis of security properties, the specific security property modelled (e.g., authenti- cation, role-based access control, etc.), and the kind of example system that has been used to illustrate the ap- proach (information, distributed, etc.).

Mehdi Mirakhorli,Matthias Galster,Laurie Williams

DOI: https://doi.org/10.1145/3385678.3385687

2020-04-28

ACM SIGSOFT Software Engineering Notes

Abstract:Analyzing, implementing and maintaining security requirements of software-intensive systems and achieving truly secure software requires planning for security from ground up, and continuously assuring that security is maintained across the software's lifecycle and even after deployment when software evolves. Given the increasing complexity of software systems, new application domains, dynamic and often critical operating conditions, the distributed nature of many software systems, and fast moving markets which put pressure on software vendors, building secure systems from ground up becomes even more challenging. Security-related issues have previously been targeted in software engineering sub-communities and venues. In the second edition of the International Workshop on Security from Design to Deployment (SEAD) at the International Conference on Automated Software Engineering (ASE) 2020, we aimed to bring the research and practitioner communities of requirements engineers, security experts, architects, developers, and testers together to identify foundations, and challenges, and to formulate solutions related to automating the analysis, design, implementation, testing, and maintenance of secure software systems.

Chen Zhi,Jianwei Yin,Junxiao Han,Shuiguang Deng

DOI: https://doi.org/10.1109/apsec51365.2020.00058

2020-01-01

Abstract:Logging is a common practice to collect valuable runtime information about software systems. However, information written to log files can be sensitive and give valuable guidance to attackers. In fact, information exposure through logging is not uncommon. Even large-scale online services (e.g., Facebook and Twitter) have reported exposing sensitive information via log files, and hundreds of millions of users are affected. Despite the severity of such vulnerabilities, there is no existing work that studies such vulnerabilities in the real-world context, and we have little knowledge about them. To fill this gap, we conduct a preliminary study on 413 real-world vulnerabilities to investigate the exploitability and root causes of such vulnerabilities. By analyzing these vulnerabilities, we find that 1) about two-third (67.8%) vulnerabilities can be exploited via the network, and a significant amount (89.3%) of vulnerabilities can be exploited with low efforts; 2) malicious users and insiders can use about half of (46.9%) proof-of-concept exploits to launch attacks without any expertise; 3) the top three common root causes for the vulnerabilities are insecure whole-object logging (43.4%), incorrect permission assignment (17.5%), and improper implementation of sanitization (11.2%). Based on the findings, we also discuss the implications for researchers and practitioners. We believe our work can inspire further work on detecting and fixing the vulnerabilities.

Jeferson Martínez,Javier M. Durán

DOI: https://doi.org/10.18280/ijsse.110505

2021-10-31

International Journal of Safety and Security Engineering

Abstract:Exploitation of a vulnerability that compromised the source code of the Solar Winds’ Orion system, a software that is used widely by different government and industry actors in the world for the administration and monitoring of networks; brought to the fore a type of stealth attack that has been gaining momentum: supply chain attacks. The main problem in the violation of the software supply chain is that, from 85% to 97% of the code currently used in the software development industry comes from the reuse of open source code frameworks, repositories of third-party software and APIs, creating potential vulnerabilities in the development cycle of a software product. This research analyzes the SolarWinds case study from an exploratory review of academic literature, government information, but also from the articles and reports that are published by different cybersecurity consulting firms and software providers. Then, a set of good practices is proposed such as: Zero trust, Multi-Factor authentication mechanisms (MFA), strategies such as SBOM and the recommendations of the CISA guide to defend against this type of attack. Finally, the research discusses about how to improve response times and prevention against this type of attacks, also future research related to the subject is suggested, such as the application of Machine Learning and Blockchain technologies. Additionally for risk reduction, in addition to the management and articulation of IT teams that participate in all the actors that are part of the software life cycle under a DevSecOps approach.

Na Meng,Stefan Nagy,Daphne Yao,Wenjie Zhuang,Gustavo Arango Argoty

DOI: https://doi.org/10.48550/arXiv.1709.09970

2017-09-28

Abstract:Java platform and third-party libraries provide various security features to facilitate secure coding. However, misusing these features can cost tremendous time and effort of developers or cause security vulnerabilities in software. Prior research was focused on the misuse of cryptography and SSL APIs, but did not explore the key fundamental research question: what are the biggest challenges and vulnerabilities in secure coding practices? In this paper, we conducted a comprehensive empirical study on StackOverflow posts to understand developers' concerns on Java secure coding, their programming obstacles, and potential vulnerabilities in their code. We observed that developers have shifted their effort to the usage of authentication and authorization features provided by Spring security--a third-party framework designed to secure enterprise applications. Multiple programming challenges are related to APIs or libraries, including the complicated cross-language data handling of cryptography APIs, and the complex Java-based or XML-based approaches to configure Spring security. More interestingly, we identified security vulnerabilities in the suggested code of accepted answers. The vulnerabilities included using insecure hash functions such as MD5, breaking SSL/TLS security through bypassing certificate validation, and insecurely disabling the default protection against Cross Site Request Forgery (CSRF) attacks. Our findings reveal the insufficiency of secure coding assistance and education, and the gap between security theory and coding practices.

Cryptography and Security

Quan Zhang,Chijin Zhou,Yiwen Xu,Zijing Yin,Mingzhe Wang,Zhuo Su,Chengnian Sun,Yu Jiang,Jiaguang Sun

DOI: https://doi.org/10.1145/3622842

2023-01-01

Proceedings of the ACM on Programming Languages

Abstract:Attack surface reduction is a security technique that secures the operating system by removing the unnecessary code or features of a program. By restricting the system calls that programs can use, the system call sandbox is able to reduce the exposed attack surface of the operating system and prevent attackers from damaging it through vulnerable programs. Ideally, programs should only retain access to system calls they require for normal execution. Many researchers focus on adopting static analysis to automatically restrict the system calls for each program. However, these methods do not adjust the restriction policy along with program execution. Thus, they need to permit all system calls required for program functionalities. We observe that some system calls, especially security-sensitive ones, are used a few times in certain stages of a program’s execution and then never used again. This motivates us to minimize the set of required system calls dynamically. In this paper, we propose , which gradually disables access to unnecessary system calls throughout the program’s execution. To accomplish this, we utilize partial order analysis to transform the program into a partially ordered graph, which enables efficient identification of the necessary system calls at any given point during program execution. Once a system call is no longer required by the program, can restrict it immediately. To evaluate , we applied it to seven widely-used programs with an average of 615 KLOC, including web servers and databases. With partial order analysis, restricts an average of 23.50, 16.86, and 15.89 more system calls than the state-of-the-art Chestnut, Temporal Specialization, and the configuration-aware sandbox, C2C, respectively. For mitigating malicious exploitations, on average, defeats 83.42% of 1726 exploitation payloads with only a 5.07% overhead.

Nacha Chondamrongkul,Jing Sun,Ian Warren

DOI: https://doi.org/10.1016/j.scico.2021.102631

IF: 1.039

2021-01-01

Science of Computer Programming

Abstract:Analysing security in the architecture design of modern software systems is a challenging task. Emerging technologies utilised in building software systems may pose security threats, so software engineers need to consider both the structure and behaviour of architectural styles that employ these supporting technologies. This paper presents an automated approach to security analysis that helps to identify security characteristics at the architectural level. Key techniques used by our approach include the use of metrics, vulnerability identification and attack scenarios. Our modelling is expressive in defining architectural styles and security characteristics. Our analysis approach gives insightful results that allow software engineers to trace through the design to find parts of the system that may be impacted by attacks. We have developed an analysis tool that allows user to seamlessly model the software architecture design and analyse security. The evaluation has been conducted to assess the accuracy and performance of our approach. The results show that our analysis approach performs reasonably well to analyse the security in the architectural design. (C) 2021 Elsevier B.V. All rights reserved.

Vincent Lenders,Franklyn Sciberras,Martin Strohmeier,Johannes Willbold

DOI: https://doi.org/10.1109/AERO58975.2024.10521192

2024-03-02

Abstract:The security of satellite and space systems has become a pressing concern in recent years as various high-profile incidents involving satellite-based internet access have been observed in the context of the war in Ukraine. An increase in threat level is partly due to a) rapid advancements in affordable software-defined communications equipment, which have made it easier for attackers to gain communication capabilities with orbital assets and b) the increasing adoption of commercial off-the-shelf hardware and software components in spacecraft enhancing affordability and exposing potential vulnerabilities more easily. A recent study revealed that satellite software typically lacks sufficient protection against unauthorized access. However, it remains unclear how this inherent lack of security is critical to other satellites in orbit as no public work exists on cybersecurity reconnaissance. Hence, to date, identifying non-standard commands and assessing potential vulnerabilities are deemed challenging steps for attackers to perform.In light of this current state, this paper analyzes how attackers may conduct reconnaissance on satellites’ capabilities without targeting the ground segment. We develop strategies that attackers may employ to evaluate satellites’ capabilities using a satellite implementation that adheres to the ECSS-standardized Telecommand on top of a CCSDS protocol stack. Our considered strategies encompass enumeration methods to identify the subset of the standard implemented, including non-standardized functionalities. Additionally, we present strategies to analyze implementation-specific aspects of CCSDS’ Space Data Link Security (SDLS) Protocol, which serves as the primary security protocol within the CCSDS protocol family. Our strategies test the potential for timing side channels, fault-message-based enumeration, and payload length enumeration testing. To evaluate the effectiveness of our strategies, we apply them to a real-world satellite and measure their success rate.

Engineering,Political Science,Computer Science

Lindsay Sterle,S. Bhunia

DOI: https://doi.org/10.1109/SWC50871.2021.00094

2021-10-01

Abstract:Persistent Threat agents from across the world are ever evolving their technological techniques to gain access to these systems and the information within. The potential for harm that can be exploited through cybersecurity attacks has no bounds. We must analyze and learn from our experiences to further our exploration in solutions preventing, detecting and remediating these attacks. This article is designed to analyze the security incident regarding SolarWinds’ Orion Platform, the details of its occurrence, the influence on the individuals involved, the industry as a whole, the financial sector, and elements of SolarWinds’ incident response as well as potential contingency plans. This paper serves as a tool in the exploration of cybersecurity solutions by providing a case study on an unprecedented security incident.

Engineering,Computer Science